CVE-2022-37026: https://nvd.nist.gov/vuln/detail/CVE-2022-37026
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-37026 fixed 9.8 N L N N H
References:
erlang-asn1_1:23.2.6+dfsg-1_amd64.deb===>erlang-asn1_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-base_1:23.2.6+dfsg-1_amd64.deb===>erlang-base_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-crypto_1:23.2.6+dfsg-1_amd64.deb===>erlang-crypto_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-eldap_1:23.2.6+dfsg-1_amd64.deb===>erlang-eldap_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-ftp_1:23.2.6+dfsg-1_amd64.deb===>erlang-ftp_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-inets_1:23.2.6+dfsg-1_amd64.deb===>erlang-inets_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-mnesia_1:23.2.6+dfsg-1_amd64.deb===>erlang-mnesia_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-os-mon_1:23.2.6+dfsg-1_amd64.deb===>erlang-os-mon_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-parsetools_1:23.2.6+dfsg-1_amd64.deb===>erlang-parsetools_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-public-key_1:23.2.6+dfsg-1_amd64.deb===>erlang-public-key_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-runtime-tools_1:23.2.6+dfsg-1_amd64.deb===>erlang-runtime-tools_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-snmp_1:23.2.6+dfsg-1_amd64.deb===>erlang-snmp_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-ssl_1:23.2.6+dfsg-1_amd64.deb===>erlang-ssl_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-syntax-tools_1:23.2.6+dfsg-1_amd64.deb===>erlang-syntax-tools_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-tftp_1:23.2.6+dfsg-1_amd64.deb===>erlang-tftp_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-tools_1:23.2.6+dfsg-1_amd64.deb===>erlang-tools_1:23.2.6+dfsg-1+deb11u1_amd64.deb
erlang-xmerl_1:23.2.6+dfsg-1_amd64.deb===>erlang-xmerl_1:23.2.6+dfsg-1+deb11u1_amd64.deb
Reviewed: https://review.opendev.org/c/starlingx/tools/+/882804
Committed: https://opendev.org/starlingx/tools/commit/3ce45d4dd5dfecef18e92fca0983abb2299df50b
Submitter: "Zuul (22348)"
Branch: master
commit 3ce45d4dd5dfecef18e92fca0983abb2299df50b
Author: Zhixiong Chi <email address hidden>
Date: Mon May 8 14:24:00 2023 +0800
erlang: fix CVE-2022-37026
Upgrade erlang sub-packages to 23.2.6+dfsg-1+deb11u1
erlang-asn1_23.2.6+dfsg-1+deb11u1
erlang-base_23.2.6+dfsg-1+deb11u1
erlang-crypto_23.2.6+dfsg-1+deb11u1
erlang-dev_23.2.6+dfsg-1+deb11u1
erlang-diameter_23.2.6+dfsg-1+deb11u1
erlang-edoc_23.2.6+dfsg-1+deb11u1
erlang-eldap_23.2.6+dfsg-1+deb11u1
erlang-erl-docgen_23.2.6+dfsg-1+deb11u1
erlang-eunit_23.2.6+dfsg-1+deb11u1
erlang-ftp_23.2.6+dfsg-1+deb11u1
erlang-inets_23.2.6+dfsg-1+deb11u1
erlang-mnesia_23.2.6+dfsg-1+deb11u1
erlang-odbc_23.2.6+dfsg-1+deb11u1
erlang-os-mon_23.2.6+dfsg-1+deb11u1
erlang-parsetools_23.2.6+dfsg-1+deb11u1
erlang-public-key_23.2.6+dfsg-1+deb11u1
erlang-runtime-tools_23.2.6+dfsg-1+deb11u1
erlang-snmp_23.2.6+dfsg-1+deb11u1
erlang-ssh_23.2.6+dfsg-1+deb11u1
erlang-ssl_23.2.6+dfsg-1+deb11u1
erlang-syntax-tools_23.2.6+dfsg-1+deb11u1
erlang-tftp_23.2.6+dfsg-1+deb11u1
erlang-tools_23.2.6+dfsg-1+deb11u1
erlang-xmerl_23.2.6+dfsg-1+deb11u1
Refer to:
https://security-tracker.debian.org/tracker/CVE-2022-37026
TestPlan:
PASS: downloader
PASS: build-pkgs -a -c
PASS: build-image
PASS: Jenkins Installation.
PASS: dpkg -l |grep erlang-
ii erlang-asn1 1:23.2.6+dfsg-1+deb11u1
ii erlang-base 1:23.2.6+dfsg-1+deb11u1
ii erlang-crypto 1:23.2.6+dfsg-1+deb11u1
ii erlang-eldap 1:23.2.6+dfsg-1+deb11u1
ii erlang-ftp 1:23.2.6+dfsg-1+deb11u1
ii erlang-inets 1:23.2.6+dfsg-1+deb11u1
ii erlang-mnesia 1:23.2.6+dfsg-1+deb11u1
ii erlang-os-mon 1:23.2.6+dfsg-1+deb11u1
ii erlang-parsetools 1:23.2.6+dfsg-1+deb11u1
ii erlang-public-key 1:23.2.6+dfsg-1+deb11u1
ii erlang-runtime-tools 1:23.2.6+dfsg-1+deb11u1
ii erlang-snmp 1:23.2.6+dfsg-1+deb11u1
ii erlang-ssl 1:23.2.6+dfsg-1+deb11u1
ii erlang-syntax-tools 1:23.2.6+dfsg-1+deb11u1
ii erlang-tftp 1:23.2.6+dfsg-1+deb11u1
ii erlang-tools 1:23.2.6+dfsg-1+deb11u1
ii erlang-xmerl 1:23.2.6+dfsg-1+deb11u1
Closes-Bug: 2018636
Signed-off-by: Zhixiong Chi <email address hidden>
Change-Id: I34900d3c94c08bbd00a9ca60bdcfb76b1531bd1b